ACKNOWLEDGING THE RISKS

Financial companies and institutions have always been classic targets of cyber security attacks, and rather lucrative ones, with successful attacks offering attackers various rewarding courses of action. After all, that’s where the money’s at. On top of being an attractive target for adversaries, the financial industry stands out in the sphere of cyber security protection due to the following characteristics:

HIGHLY SENSITIVE DATA

Due to the nature of their activities, financial institutions hold large volumes and wide sets of verified personal data and, of course, financial records.

HIGHLY REGULATED

Financial services are subject to strict cybersecurity obligations under various regulations, all entailing high fines – Electronic Money Regulation (FCA), GDPR (ICO).

HIGHLY COMPETITIVE AND INNOVATIVE

Financial services are always racing to release or integrate the newest and most innovative solutions in the market, to keep up with the highly competitive financial ecosystem.

COMPLEX SYSTEMS AND SUPPLY CHAINS

Financial systems are usually composed of many applications and systems from numerous parties and require coordination between many moving parts. In addition, traditional institutions rely on legacy systems that are more difficult to protect.

DIVERSE CYBER RISKS

Financial institutions are required to protect the Confidentiality, Integrity, and Availability of their services and data all together, with equal importance.

HIGH REPUTATION RISKS

Customers entrust financial services with their money, and any materialised risk is very likely to divert customers to competitors.

After overcoming the challenge of mapping all the complex systems, entry points and various assets which contain sensitive data, the much-needed cyber security protection should be embedded into the design of the financial and supporting systems: for example, by distributing system capabilities and team authorisations to avoid insider threats. It should also provide solutions that address the worldwide, around-the-clock availability of the service, allow new technologies and services to be integrated without compromising the defence, and establish layered security mechanisms.

DISRUPTIVE SERVICES, FINTECH

The financial sector is an exciting playground for innovative technologies and revolutionary players, which are constantly disrupting the industry. The Fintech ecosystem grows significantly year by year, turning financial services from a place you go to, into a thing you do. Investment into the UK’s Fintech sector is booming, having surged by almost a fifth in 2018.

The pace of innovation and movement in the Fintech sphere is extremely high, requiring lean and adaptive security solutions. In addition, since the solutions are very different from one another, highly tailored and bespoke security solutions are a must. For new technologies in the Fintech ecosystem, customers’ trust is a core condition for success. Investment in cybersecurity and data protection is therefore crucial for demonstrating accountability and gaining customers’ confidence in a company’s ability and legitimacy to provide its services. Our experienced professionals come with industry-specific knowledge and can assist Fintech start-ups of all sizes, at all stages, bearing in mind the limitations such companies may have and reconciling them with the must-meet regulatory requirements. The UK has the strongest Fintech ecosystem in Europe, with London as its hot centre, and as we believe that cybersecurity is key to preserving such success, our UK team in London is highly accessible to all players in the market.

WHAT WE CAN PROVIDE YOU WITH

Our highly experienced cyber security professionals are enthusiastic about providing comprehensive solutions to the financial industry. Recommended steps:

  • Map your systems, policies, procedures and processes to identify your risks, internal and external.
  • Provide a security risk analysis and work with you to prioritise the risks and plan your security targets in alignment with your business targets.
  • Create an information security governance structure, internal standards, and control mechanisms that serve as the company’s statement of accountability for the protection of its users’ information.
  • Implement and maintain an information security policy, and related procedures, such as Access control, Change management, Cryptography protocols, etc.
  • Implement technical security measures to maintain the organisational and procedural safeguards to prevent, contain and detect threats to the security.
  • Procedures for incident reporting, and management of sensitive payment data.
  • Business continuity plan and arrangements.
  • Recommend adequate measures to safeguard payment service user accounts, core assets, and e-money holders’ funds.

Cynance can help your company create a sustainable information security organisational structure, supported by internal policies, standards and procedures. We can assist your company with the implementation of these guidelines and provide you with the knowledge, techniques and practices for creating strong safeguards and control measures, ensuring that your cyber risk is mitigated to the exact level appropriate to your company’s risk appetite.

API and EMI Certifications

In order to become an Authorised Payment Institution (API) or an Authorised Electronic Money Institution (EMI), payment service providers are required to comply with various information security and operational resilience requirements, including the following:

  • An information security governance structure, internal standards and control mechanisms that serve as the company’s statement of accountability for the protection of its users’ information.
  • Implementation of information security policy, and related procedures, such as Access control, Change management, Cryptography protocols, etc.
  • Adequate measures to safeguard payment service user accounts, core assets, and e-money holders’ funds.
  • Implementation of technical security measures to maintain the organisational and procedural safeguards to prevent, contain and detect threats to the security.
  • Security risk analysis and presentation of the company’s security objectives.
  • Procedures for incident reporting, and management of sensitive payment data.
  • Business continuity plan and arrangements.